package com.corticon.dialogs.validation.designer;

import java.util.Set;

import org.springframework.validation.Errors;

import com.corticon.dialogs.model.PermissionType;
import com.corticon.dialogs.model.User;
import com.corticon.dialogs.util.security.CustomUserDetails;
import com.corticon.dialogs.util.security.SecurityUtils;
import com.corticon.dialogs.validation.UserValidator;
import com.corticon.dialogs.validation.ValidationConst;

/**
 * The base validator for all admin validators.
 *
 * @author Yanglifan
 */
public class AdminUserValidator<T> extends UserValidator {

    @Override
    public void complexValidate(Object object, Errors errors) {
        super.complexValidate(object, errors);

        User user = (User) object;

        // If the user group is null.
        if (user.getUserGroup().getName().equals(ValidationConst.NULL.toString())) {
            errors.rejectValue("userGroup", "validate.user.group.null",
                "You have to choose a group for this user.");
        }

        permissionsValidate(user, errors);
    }

    private void permissionsValidate(User user, Errors errors) {

        Set<String> permissions = user.getPermissions();

        // When create or edit a user, the admin must assign a permission to the user.
        if (permissions.size() == 0) {
            errors.rejectValue("permissions", "validate.user.permissions.withoutPermission",
                "You have to choose a permission.");
        }

        if (permissions.contains(PermissionType.PORTAL_USER.value()) && permissions.size() > 1) {
            errors.rejectValue("permissions", "user.permissions.only_portaluser",
                "The Portal User permission can not be combined with other permissions.");
        }

        if (permissions.contains(PermissionType.GROUP_ADMIN.value()) && permissions.contains(PermissionType.SYS_ADMIN.
            value())) {
            errors.rejectValue("permissions", "user.permissions.admin",
                "An Admin can not be Group Admin and Sys Admin at the same time.");
        }

        CustomUserDetails currentUser = SecurityUtils.getCurrentUser();

        // Group Admin can not remove his admin permission.
        if (SecurityUtils.checkCurrentAdminPermission(currentUser) == PermissionType.GROUP_ADMIN && user.
            getUsername().equals(currentUser.getUsername()) && !user.getPermissions().contains(PermissionType.GROUP_ADMIN.
            value())) {
            errors.rejectValue("permissions", "validate.user.permissions.BanRemoveGA",
                "This action not available; Administrator permissions cannot be removed for this account.");
        }

        // Sys Admin can not remove his admin permission.
        if (SecurityUtils.checkCurrentAdminPermission(currentUser) == PermissionType.SYS_ADMIN && user.
            getUsername().equals(currentUser.getUsername()) && !user.getPermissions().contains(PermissionType.SYS_ADMIN.
            value())) {
            errors.rejectValue("permissions", "validate.user.permissions.banRemoveSA",
                "This action not available; Administrator permissions cannot be removed for this account.");
        }
    }
}
